<?php

/**
 * sfBasicSecurityFilterExt
 *
 * @package    scar
 * @subpackage filter
 */
class sfBasicSecurityFilterExt extends sfBasicSecurityFilter
{
  public function execute($filterChain)
  {
    // disable security on login and secure actions
    if (
      (sfConfig::get('sf_login_module') == $this->context->getModuleName()) && (sfConfig::get('sf_login_action') == $this->context->getActionName())
      ||
      (sfConfig::get('sf_secure_module') == $this->context->getModuleName()) && (sfConfig::get('sf_secure_action') == $this->context->getActionName())
    )
    {
      $filterChain->execute();

      return;
    }

    // NOTE: the nice thing about the Action class is that getCredential()
    //       is vague enough to describe any level of security and can be
    //       used to retrieve such data and should never have to be altered
    if (!$this->context->getUser()->isAuthenticated())
    {
      // the user is not authenticated
      $this->forwardToLoginAction();
    }

    // the user is authenticated
  	$current_route = $this->context->getRouting()->getCurrentRouteName();
    if ($current_route && !$this->getUser()->hasPermission($current_route))
    {
      // the user doesn't have access
      $this->forwardToSecureAction();
    }

    // the user has access, continue
    $filterChain->execute();
  }
  
  
  protected function getUser()
  {
  	return $this->context->getUser();
  }
}
